SharePoint User Group UK

Hi All,

I'm using SharePoint Portal 2003. Does anyone know of a way to authenticate users using their email address as there username?

The way that I understand things at the moment is that active directory is used for user authentication, and if we were to tell users to enter their email address as their username then we would require all of the domains used by there email addresses to be included in the schema of our active directory (not something we want to do). Any work arounds to this?

One work around I've thought of is to use a custom form-based authentication page, but again as I understand it form-based authentication is not support with SharePoint Portal.

Thanks in advance,

Chris

Hi Chris , I am afraid your information is correct. The E-Mail address sharepoint uses is the UPN ( User principal name ) taken from the AD logon field. Therefore in order to support authentication in this manner the user must have an account in AD or a local user account. Also correct on the forms based Authentication , In this version it is not possible. I cannot think of a workaround for this to enable you to use multiple E-Mail addresses to authenticate different external users.

There is a forms-based authentication solution available for Sharepoint - we are in the process of piloting for a large client whos users are all accessing via extranet. The application is provided by a US company using ISAPI filters.
This also gets over the problem of multiple authentications when trying to open office documents etc for users access sharepoint doucments over an extranet where integrated authentication is not available.

This application still authenticates against Active Directory, but I guess it may be possible to check a users name against an external  database & retrieve the AD name from there  (as the login page can run any application code), but that would mean doubling up on the user maintenance?

---

Gary - Novotronix

ok, I've briefly looked into using ISAPI filters, but I have no real knowledge of them so hadn't got very far.

Is it possible for you to give me the US companies name so that I can see if their solution is suitable for us?


* Side note: The MSDN blogs now indicate that SharePoint 12 will have "more flexable authentication"... I wish I knew what this meant... If I did it could open up more options for me, like "we'll authenticate this way until SharePoint 12, and then we can easily switch to email based authentication".


Cheers,


Chris

The real problem here is licensing. As soon as you uniquely identify a user to the system, you need a SQL CAL for that user, irrespective of whether AD is used. Microsoft loves to shoot itself in the foot like this - by giving us a great product and then ballsing it up with unrealistic licensing. It's hard to see how they justify that given the availability of free products such as Community Server and DotNetNuke.

If you really have enough CALs at your disposal (SQL per-processor licensing, for example), then the approach that others have taken (eg. Culminis) is to have users register at a seperate web site and an AD user account is then created behind the scenes. I'm not sure whether the account creation is automated or done manually. The user still has to log into the SharePoint site with the AD account.

I started working on a SharePoint web part to do exactly this job (allowing new users to register and create their own accounts) but as it is a 'spare time' project it is quite a way down my ToDo list.

 

---

Tim Long
TiGra Networks

BTW, I'm not a licensing expert - don;t quote me on any of that ;-) The point is, be aware that there are licensing issues.

---

Tim Long
TiGra Networks

cheers for that Tim, that's more or less the solution that my boss and I have come around to.

Thankfully we have two domains the Corporate domain and an external sharepoint domain. Our sharepoint domain has a one way trust with our corporate domain (in that it trusts our corporate domain).  That solves the issue of staff logging in. We are then going to create AD accounts using UPNs (within the sharepoint domain) for our external clients within an aspx page on the Sharepoint site.  Hopefully the approach we are taking will easily allow us to take up a more favourable authentication mechanism in Sharepoint 12 - we shall have to see.

As for Microsoft licensing - well that's just a mine field imho...


Chris,

Gary,
Were you able to resolve this whilst still enabling Client Integrated features? I'd be interested to know if you have... not sure what the ISAPI filters does to the system... but hopefully you'll get in touch!

Thanks,
jason.